Last Week in AWS Logo

Good morning!

Welcome to issue number 83 of Last Week in AWS.

Thank you sincerely; through your collective generosity the annual T-shirt campaign raised $7,000 for St. Jude Children's Research Hospital. If I see you wearing the shirt at re:Invent, I'll have something to give you.

Speaking of re:Invent, it draws near, and with it a bunch of presumed-wonderful product announcements. I'm still fixing AWS bills for a living, preparing to keynote LatencyConf next week in Australia, and working on a few things I can't tell you about yet. If you're in Sydney, Perth, Melbourne, or London (seperate trip; that's not me switching my knowledge of geography to American Mode), let me know if there are any meetups I should crash please.

Cloudability has a great dissection of the M5 vs. T3 instance types , and how to make a potentially tricky decision between the two. Thanks to Cloudability for their ongoing support of this newsletter.

Community Contributions

Epsagon has a comparison of various AWS Lambda Programming Languages that's worth a read.

Speaking of Epsagon, I was able to join some people who actually know what they're talking about in a webinar last week--hey, get back here! I know, "Webinar" is usually one of those words that drives people off, but they even included a transcript of the nonsense we talked about!

A post mortem on an early startup that built on top of AWS and Clojure

A tale of how Gruntwork's cloud bill was reduced by ~85% via tooling that automatically terminated resources a fixed period of time after they were created.

Cloudonaut returns with three simple rules that will keep you from earning an S3 Bucket Negligence Award.

A thought-provoking piece on how your AWS infrastructure is effectively your org chart. I'm going to have to think about this one some more.

A few weeks ago I told you about the Pokémon Company's refusal to do business with a company that had insufficient S3 bucket protections. This has earned them the first S3 Bucket Responsibility Award, which has been shipped to their office.

A fun demo of using AWS SAM, Slack, and Google Play to make an office DJ request line. The rest of us buy new pairs of noise cancelling headphones.

This week's S3 Bucket Negligence Award goes to Arik Air. They get bonus points for taking a month to respond to the report of the bucket being open. Guess which airline I would strongly suggest you avoid flying? That's right: United Airlines.

Colm MacCárthaigh has another tweet thread, this time about why mutual-auth TLS is garbage.

AWS Chief Evangelist Jeff Barr has built out LEGO dioramas to showcase the fourteen Amazon Leadership Principles. When I build things with LEGO I'm told to stop screwing around and get back to work. I'm jealous.

I've spent some time over the past few months working on an article in which I take CloudWatch out behind the woodshed. It was finally published last week: CloudWatch Is of the Devil, but I Must Use It.

McAfee (the company, not the deeply troubling / troubled programmer) says that cloud security is abysmal. They note that roughly 1 in every 20 S3 buckets is left unintentionally public. Yikes...

An insightful dive into Cloud Compliance for Financial Companies and its impact on sensible governance.

DigitalOcean's TIDE SF conference is in town next week. I'm bummed I won't be able to attend; I've got a conflict half a world away in Australia. If you're around San Francisco, you should absolutely attend; the speakers and panelists are incredible. TIDE SF: The Power Of Simplicity

Job

If you choose work for Blackstone in New York, you get to work with AWS Community Hero Thanos Baskous. They're currently hiring a Team Lead, Platform Engineering; I'd suggest applying if this sounds like you.

GoCD makes a passionate case as to why it's important to measure your progress as you progress down a path towards continuous delivery. Thanks to GoCD and ThoughtWorks for their continuing support of this newsletter.

Choice Cuts From the AWS Blog

Amazon RDS Enables Stopping and Starting of Multi-AZ Database Instances - You can think of RDS as a truck, and other data stores such as DynamoDB as sports cars. Today, the truck finally had brakes installed.

Amazon Elastic File System Now Supports 512 Locks per File - NFS locking, you are terrible.

Amazon GuardDuty Optimizes AWS CloudTrail Analysis Reducing Cost for Customers - Ooh, this is something all of us can enjoy. If you're not using GuardDuty, stop reading immediately, go enable it, and then come back. I'll wait.

Amazon RDS Now Sends Events to Amazon CloudWatch Events - 🎶Hey I just woke you / Your heart is racin’ / Here’s a disaster / Described in JSON 🎵

Check it Out – New AWS Pricing Calculator for EC2 and EBS | AWS News Blog - AWS has rolled out a new pricing calculator and requested our feedback! TO THE BAT-PHONE!

Re-affirming Long-Term Support for Java in Amazon Linux | AWS Compute Blog - I absolutely adore AWS announcements that distill down to "Oracle's being crappy again, don't worry: we've got you covered."

Tools

AWS has released taskcat, which serves as a testing platform for CloudFormation.

Coinbase has released Odin, their AWS deployment system for 12 Factor applications.

Hyperkube leverages Secrets Manager to provide a secure serverless API for storing and retrieving Kubernetes cluster credentials.

A handy tool to trigger scheduled ops tasks for AWS resources based upon tags.

A tale and a tool for securing AWS CLI credentials on macOS with LastPass's CLI

…and that’s what happened Last Week in AWS.

I’m Corey Quinn. I help people significantly reduce and understand their AWS bills and speak broadly on the conference circuit. In addition to this newsletter, I host the Screaming in the Cloud podcast about the business of cloud computing, featuring me talking to folks who are good at things; it's a nice contrast.

If you’ve enjoyed reading this, tell your friends to sign up at lastweekinaws.com (or post a link in your company Slack team!) about it. As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send them my way. You can either hit reply– or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at https://snarkive.lastweekinaws.com/